From 4bb7d9fd1241a3c263636efa03ee8c62ab744515 Mon Sep 17 00:00:00 2001 From: Taylor Yu Date: Mon, 26 Mar 2018 17:51:50 -0500 Subject: [PATCH] Fix CID 1430932 Coverity found a null pointer reference in nodelist_add_microdesc(). This is almost certainly impossible assuming that the routerstatus_t returned by router_get_consensus_status_by_descriptor_digest() always corresponds to an entry in the nodelist. Fixes bug 25629. --- changes/bug25629 | 3 +++ src/or/nodelist.c | 13 ++++++------- 2 files changed, 9 insertions(+), 7 deletions(-) create mode 100644 changes/bug25629 diff --git a/changes/bug25629 b/changes/bug25629 new file mode 100644 index 000000000..190928a94 --- /dev/null +++ b/changes/bug25629 @@ -0,0 +1,3 @@ + o Minor bugfixes (C correctness): + - Fix a very unlikely null pointer dereference. Fixes bug 25629; + bugfix on 0.2.9.15. Found by Coverity; this is CID 1430932. diff --git a/src/or/nodelist.c b/src/or/nodelist.c index 5a02648c5..26f990b08 100644 --- a/src/or/nodelist.c +++ b/src/or/nodelist.c @@ -263,13 +263,12 @@ nodelist_add_microdesc(microdesc_t *md) if (rs == NULL) return NULL; node = node_get_mutable_by_id(rs->identity_digest); - if (node) { - if (node->md) - node->md->held_by_nodes--; - node->md = md; - md->held_by_nodes++; - } - + if (node == NULL) + return NULL; + if (node->md) + node->md->held_by_nodes--; + node->md = md; + md->held_by_nodes++; node_add_to_address_set(node); return node;